International Cryptography

B. Schneier

Information Security Magazine, September 1999. Revised version.

One of the stranger justifications of U.S. export controls is that they prevent the spread of cryptographic expertise. Years ago, the Administration argued that there were no cryptographic products available outside the U.S. When several studies proved that there were hundreds of products designed, built, and marketed outside the U.S., the Administration changed its story. These products were all no good, they argued. Export controls prevent superior American products from getting into foreign hands, forcing them to use inferior non-U.S. products.

Nonsense.

Cryptography is an international science. Most of the cryptographic conferences are held outside the U.S. Most of the cryptography researchers are at universities outside the U.S., and most cryptographic papers presented at conferences are written outside the U.S. There are more advanced degree programs in cryptography outside the U.S. than there are inside. Researchers outside the U.S. tend to be better funded, and there is more interest in their work. Some of the most important cryptographic research ideas in the past ten years have come from outside the U.S. The U.S. not only does not have a lock on cryptographic research, it does not even have the majority.

In 1997, NIST solicited algorithms for the Advanced Encryption Standard, to replace DES as a government encryption standard. Of the fifteen submissions received, ten were from companies and universities outside the U.S: Australia, Belgium, Canada, Costa Rica, England, France, Germany, Israel, Japan, Korea. Of the five submissions likely to be chosen for the next round, about half will be from outside the U.S. It is very possible that the next U.S. government encryption standard will have been designed outside the U.S.

The Internet Engineering Task Force has created a series of cryptographic standards for the Internet: secure e-mail, encrypted and authenticated IP packets, secure socket-level communications, key exchange and certificate formats, etc. These meetings are held several times a year, mostly in the U.S. but also outside. Attendees are from companies all over the world, and the standards are written by international consensus. The U.S. has no lock on the content of the standards, nor the evaluation process. These standards are implemented in products built all over the world, not just in the U.S. For example, a Finnish company called SSH has one of the best IPSec -- a standard for IP security -- implementations in the world.

Other non-U.S. technology has been integrated into U.S. companies. A Swedish company called COST built a comprehensive cryptographic toolkit. The company was acquired by Entegrity Solutions, Inc., a U.S. startup. Algorithmic Research, and its cryptographic products, was acquired by Cylink Corp. ELVIS+, a Russian company, is now part of the U.S. company TrustWorks, Inc. RSA Data Security, now owned by Security Dynamics Inc., recently purchased the rights to a cryptographic product created in Australia. This list goes on and on. Again and again, U.S. companies have realized that cryptographic expertise is available outside the U.S., and have taken steps to secure that expertise.

Cryptography does not stop at national borders. Research, standards, and products are international. Expertise is international. For the U.S. Administration to believe that there are "national secrets" about cryptography that export controls somehow keep inside the U.S. is sheer folly. There is no evidence that this is true, and considerable evidence that the reverse is true.

earlier essay: Web-Based Encrypted E-Mail
later essay: The Trojan Horse Race
categories: Computer and Information Security, National Security Policy
back to Essays and Op Eds

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..